Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.

136 lines
4.3KB

  1. <?php
  2. /**
  3. * @link http://www.yiiframework.com/
  4. * @copyright Copyright (c) 2008 Yii Software LLC
  5. * @license http://www.yiiframework.com/license/
  6. */
  7. namespace yii\rest;
  8. use yii\base\InvalidConfigException;
  9. use yii\base\Model;
  10. use yii\web\ForbiddenHttpException;
  11. /**
  12. * ActiveController implements a common set of actions for supporting RESTful access to ActiveRecord.
  13. *
  14. * The class of the ActiveRecord should be specified via [[modelClass]], which must implement [[\yii\db\ActiveRecordInterface]].
  15. * By default, the following actions are supported:
  16. *
  17. * - `index`: list of models
  18. * - `view`: return the details of a model
  19. * - `create`: create a new model
  20. * - `update`: update an existing model
  21. * - `delete`: delete an existing model
  22. * - `options`: return the allowed HTTP methods
  23. *
  24. * You may disable some of these actions by overriding [[actions()]] and unsetting the corresponding actions.
  25. *
  26. * To add a new action, either override [[actions()]] by appending a new action class or write a new action method.
  27. * Make sure you also override [[verbs()]] to properly declare what HTTP methods are allowed by the new action.
  28. *
  29. * You should usually override [[checkAccess()]] to check whether the current user has the privilege to perform
  30. * the specified action against the specified model.
  31. *
  32. * @author Qiang Xue <qiang.xue@gmail.com>
  33. * @since 2.0
  34. */
  35. class ActiveController extends Controller
  36. {
  37. /**
  38. * @var string the model class name. This property must be set.
  39. */
  40. public $modelClass;
  41. /**
  42. * @var string the scenario used for updating a model.
  43. * @see \yii\base\Model::scenarios()
  44. */
  45. public $updateScenario = Model::SCENARIO_DEFAULT;
  46. /**
  47. * @var string the scenario used for creating a model.
  48. * @see \yii\base\Model::scenarios()
  49. */
  50. public $createScenario = Model::SCENARIO_DEFAULT;
  51. /**
  52. * @inheritdoc
  53. */
  54. public function init()
  55. {
  56. parent::init();
  57. if ($this->modelClass === null) {
  58. throw new InvalidConfigException('The "modelClass" property must be set.');
  59. }
  60. }
  61. /**
  62. * @inheritdoc
  63. */
  64. public function actions()
  65. {
  66. return [
  67. 'index' => [
  68. 'class' => 'yii\rest\IndexAction',
  69. 'modelClass' => $this->modelClass,
  70. 'checkAccess' => [$this, 'checkAccess'],
  71. ],
  72. 'view' => [
  73. 'class' => 'yii\rest\ViewAction',
  74. 'modelClass' => $this->modelClass,
  75. 'checkAccess' => [$this, 'checkAccess'],
  76. ],
  77. 'create' => [
  78. 'class' => 'yii\rest\CreateAction',
  79. 'modelClass' => $this->modelClass,
  80. 'checkAccess' => [$this, 'checkAccess'],
  81. 'scenario' => $this->createScenario,
  82. ],
  83. 'update' => [
  84. 'class' => 'yii\rest\UpdateAction',
  85. 'modelClass' => $this->modelClass,
  86. 'checkAccess' => [$this, 'checkAccess'],
  87. 'scenario' => $this->updateScenario,
  88. ],
  89. 'delete' => [
  90. 'class' => 'yii\rest\DeleteAction',
  91. 'modelClass' => $this->modelClass,
  92. 'checkAccess' => [$this, 'checkAccess'],
  93. ],
  94. 'options' => [
  95. 'class' => 'yii\rest\OptionsAction',
  96. ],
  97. ];
  98. }
  99. /**
  100. * @inheritdoc
  101. */
  102. protected function verbs()
  103. {
  104. return [
  105. 'index' => ['GET', 'HEAD'],
  106. 'view' => ['GET', 'HEAD'],
  107. 'create' => ['POST'],
  108. 'update' => ['PUT', 'PATCH'],
  109. 'delete' => ['DELETE'],
  110. ];
  111. }
  112. /**
  113. * Checks the privilege of the current user.
  114. *
  115. * This method should be overridden to check whether the current user has the privilege
  116. * to run the specified action against the specified data model.
  117. * If the user does not have access, a [[ForbiddenHttpException]] should be thrown.
  118. *
  119. * @param string $action the ID of the action to be executed
  120. * @param object $model the model to be accessed. If null, it means no specific model is being accessed.
  121. * @param array $params additional parameters
  122. * @throws ForbiddenHttpException if the user does not have access
  123. */
  124. public function checkAccess($action, $model = null, $params = [])
  125. {
  126. }
  127. }